漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
[BIGSLEEP-434615384] cups-filters 1.x: out of bounds write in pdftoraster
Vulnerability Description
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. In cups-filters prior to 1.28.18, by crafting a PDF file with a large `MediaBox` value, an attacker can cause CUPS-Filter 1.x’s `pdftoraster` tool to write beyond the bounds of an array. First, a PDF with a large `MediaBox` width value causes `header.cupsWidth` to become large. Next, the calculation of `bytesPerLine = (header.cupsBitsPerPixel * header.cupsWidth + 7) / 8` overflows, resulting in a small value. Then, `lineBuf` is allocated with the small `bytesPerLine` size. Finally, `convertLineChunked` calls `writePixel8`, which attempts to write to `lineBuf` outside of its buffer size (out of bounds write). In libcupsfilters, the maintainers found the same `bytesPerLine` multiplication without overflow check, but the provided test case does not cause an overflow there, because the values are different. Commit 50d94ca0f2fa6177613c97c59791bde568631865 contains a patch, which is incorporated into cups-filters version 1.28.18.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
跨界内存写
Vulnerability Title
OpenPrinting CUPS Filters 缓冲区错误漏洞
Vulnerability Description
OpenPrinting CUPS Filters是OpenPrinting开源的一个打印系统过滤器。 OpenPrinting CUPS Filters 1.28.18之前版本存在缓冲区错误漏洞,该漏洞源于pdftoraster工具处理PDF文件时存在数组越界写入。
CVSS Information
N/A
Vulnerability Type
N/A